Privacy policy
Placeholder — full policy + cookie notice will be reviewed with counsel before launch marketing. Data-subject requests: [email protected].
Data controller
Droptix Ltd is the data controller for your account and buyer data. When you book a ticket, the event organiser becomes a joint controller for your name, email, ticket type, and scan status (only) under UK GDPR Art 26.
What we collect
- Your email address (for sign-in + order confirmations)
- Your name (on tickets)
- Your purchase history (orders + issued tickets)
- Device metadata (IP, user agent, crudely, for fraud prevention)
- Scan events at the door (which device scanned, when)
Payment data
We never see or store your card details. Payments are handled end-to-end by Stripe (PCI-DSS Level 1). Droptix is SAQ-A scope.
Retention
Order + ticket data: 6 years post-event (tax retention). Buyer profile: until you delete the account. Scan logs: 2 years then anonymised.
Your rights
Access, rectification, erasure, portability, objection, restriction. We respond within one calendar month. To exercise: [email protected].
International transfers
Stripe processes payments in the US under the UK International Data Transfer Addendum. No buyer data is transferred to other jurisdictions.
Cookies
See the cookie notice.